Unpacking ASIC firmware: AntMiner Exploited (2019) (serhack.me)
19 points by serhack_ on Feb 12, 2022 | 14 comments

There is zero ASIC anything in this article.

It's entirely about breaking into the (commodity Linux based) control plane for an ASIC miner system.

If they were looking at re-using the actual ASICs for other stuff (do they run microcode? Who knows!) that would be neat. As it is, it's just typical junk-hacking.


An ASIC-miner is called an ASIC-miner because it contains ASICs. The author of this post seems to be referring to a system containing ASICs as "an ASIC". This is fundamentally incorrect. Considering the author of the post has also apparently written an entire book about monero, it's a pretty spectacularly egregious error.

The author understands that and is writing for a crypto enthusiast audience that mostly does not understand that. That audience, and even people just tangentially interested, refer to categories of miners as their own terms that are loosely based on the architecture that supports them.

“ASIC” doesn't mean Application Specific Integrated Circuit to them, it means “super fast specialized mining computer that isn't an FPGA and also can't do general computation”.

It is a new but decade-old context, so it's not worth prefacing that anymore.

The author uses the terms so sloppily that I don't think you can claim they understand it.

If writing for people with an idiosyncratic definition of a well established term, you have to lead with a clarification of what those terms mean.

Nah. I don’t think it's relevant to debate about whether they understand it since they modified the firmware successfully.

The audience they write for doesn't understand “ASIC resistance”; it's a meme within that community that has always relied on a misunderstanding of how processors work and is taken advantage of by people that do understand. It would unnecessarily dilute the article to proselytize to the desired audience just because someone that also understands computer architecture might happen to read it.

I would just say you’re late to this one. Like, you would have had an argument in 2012 when there actually was a chance to frame the lingo in the crypto space, but in 2022 for an article from 2019? No.

You should have just sold some hardware or software to miners sometime over the last 10 years.

Again, they poked around in an embedded Linux image. There was zero investigation of whether the ASICs even have firmware, let alone modifying it.

> I would just say you’re late to this one. Like, you would have had an argument in 2012 when there actually was a chance to frame the lingo in the crypto space, but in 2022 for an article from 2019? No.

I mean, ok? If you're writing for an uninformed subset that uses words wrong, and you deliberately use their incorrect terminology, that's kind of worse. I can guarantee that no one who actually works on making the antminer/whatever ASICs calls the entire box "an ASIC".

Writing for a lay audience does not mean deliberately misusing terms.

Meanwhile, the rest of the world uses ASIC to mean Application-Specific Integrated Circuit. Because that's literally what the acronym means.

Yeah, I wrote the meaning of the acronym in my first response to you.

It's an article about a device that 100% of the purchasers and 100% of the manufacturers call “an ASIC”.

Manufacturers and the chip designers and serhack know that it is an array of single-purpose processors controlled by an embedded Linux image.

Not trying to change your mind here, just providing context.

I guess it would be a cooler article if they had found some way to manipulate the circuits.

It's likely that the ASIC component cannot be used for anything else, but the control plane can definitely be, which isn't so egregious.

I mean, sure, but it's still not "unpacking the ASIC firmware". It's just hacking a random embedded Linux box.

Is the general purpose processor on the ASIC or on a separate chip? In the former case the terminology would be ok, in the latter case not, when talking about mucking about with the software on the processor controlling the fixed-function elements.

No, they use a commodity embedded Linux board that sits separate from the boards that contain the ASICs which do the hash calculations. I agree with OP the title is misleading; what this is describing is very pedestrian.

> do they run microcode?

If you mean "firmware", then yes.

> Who knows!)

IIRC orsoc/KNCMiner folks loved using a 6502 clone in their ASIC designs to handle boot and configuration.

Imagine reselling antminers with modded firmware that mine for you instead of the owner. I'm surprised this hasn't been documented yet.

That would become obvious fairly quickly. A better attack would be to skim off only a percentage of the hashes.

Is that possible while pool mining?

I guess the firmware could connect to its own pool or appropriate some of the circuits for that pool.

edit: …that’s actually a really good idea, given the expected variance 5-10% could be redirected with nobody caring even if they did notice
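The last few comments raise the question of whether a firmware that quietly diverts a slice of a miner's hashrate to someone else's pool would be noticed. From the owner's side there are two cheap checks: audit the accepted share count at the pool against what the advertised hashrate should produce (share arrivals are Poisson, so a shortfall can be tested statistically, and a shortfall that hides inside daily variance becomes visible once enough days are aggregated), and compare the miner's actual outbound pool connections with the pool it was configured to use. The code below is an added example written for this thread, not code from the linked article or from any miner vendor; the hashrate, share difficulty, pool hosts and connection lines are constructed sample values, and the only convention taken from the real world is that a difficulty-1 share corresponds to 2^32 hashes on average (Bitcoin-style pools).

```python
import math

# Bitcoin-style share-difficulty convention: on average one difficulty-1
# share is found per 2^32 hashes, so a share of difficulty D takes D * 2^32.
HASHES_PER_DIFF1 = 2 ** 32


def expected_shares(hashrate_hs, share_difficulty, seconds):
    """Accepted shares the pool should see if 100% of the hashrate reaches it."""
    return hashrate_hs * seconds / (share_difficulty * HASHES_PER_DIFF1)


def poisson_lower_tail(k, lam):
    """P(X <= k) for X ~ Poisson(lam), using the normal approximation with a
    continuity correction. Share counts here are in the thousands, so the
    approximation is close enough for an alarm threshold."""
    if lam <= 0:
        return 1.0
    z = (k + 0.5 - lam) / math.sqrt(lam)
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))


def audit_hashrate(hashrate_hs, share_difficulty, seconds, observed_shares, alpha=0.001):
    """Compare the pool's accepted share count with the advertised hashrate.

    Returns (suspicious, shortfall_fraction, p_value): suspicious is True when
    the observed count is improbably low at significance level alpha;
    shortfall_fraction is the implied fraction of hashrate that never reached
    the pool (negative means the miner over-performed)."""
    lam = expected_shares(hashrate_hs, share_difficulty, seconds)
    p_value = poisson_lower_tail(observed_shares, lam)
    shortfall = 1.0 - observed_shares / lam
    return p_value < alpha, shortfall, p_value


def unexpected_pool_hosts(connection_lines, allowed_hosts):
    """Parse netstat-style lines (constructed format, fields separated by
    whitespace: proto recvq sendq local remote state pid/program) and return
    the remote hosts that the mining process talks to but which are not in
    the owner's pool allow-list."""
    unexpected = set()
    for line in connection_lines:
        fields = line.split()
        if len(fields) < 7 or not fields[6].endswith("cgminer"):
            continue  # only the mining process is of interest (assumed process name)
        remote_host = fields[4].rsplit(":", 1)[0]
        if remote_host not in allowed_hosts:
            unexpected.add(remote_host)
    return sorted(unexpected)


# Constructed sample: a ~13.5 TH/s miner, share difficulty 65536, one day.
HASHRATE = 13.5e12
SHARE_DIFF = 65536
DAY = 86400

# Constructed connection table: the configured pool plus one extra destination
# (documentation-range addresses, not real pools).
SAMPLE_CONNECTIONS = [
    "tcp 0 0 192.168.1.50:41234 203.0.113.10:3333 ESTABLISHED 812/cgminer",
    "tcp 0 0 192.168.1.50:41235 198.51.100.7:3333 ESTABLISHED 812/cgminer",
    "tcp 0 0 192.168.1.50:22 192.168.1.2:50112 ESTABLISHED 301/dropbear",
]
ALLOWED_POOLS = {"203.0.113.10"}


if __name__ == "__main__":
    for label, seconds, observed in [
        ("7% short, one day", DAY, 3854),
        ("1% short, one day", DAY, 4103),
        ("1% short, thirty days", 30 * DAY, 123073),
    ]:
        flagged, shortfall, p = audit_hashrate(HASHRATE, SHARE_DIFF, seconds, observed)
        print(f"{label}: shortfall={shortfall:.3f} p={p:.2e} suspicious={flagged}")
    print("unexpected pool hosts:", unexpected_pool_hosts(SAMPLE_CONNECTIONS, ALLOWED_POOLS))
```

Run as a script it shows the point made in the thread from the other side: a 7% shortfall is a multi-sigma event within a single day, a 1% shortfall is indistinguishable from luck over a day but crosses the alarm threshold once thirty days of shares are pooled, and the connection check catches the second destination regardless of statistics. Both checks rely on data the owner already has (the pool's accepted-share history and the board's own socket table), which is why they are worth running on any miner whose firmware did not come from the vendor.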
